File Coverage

_ripemd-160.c

Criterion	Covered	Total	%
statement	201	218	92.2
branch	6	16	37.5
condition			n/a
subroutine			n/a
pod			n/a
total	207	234	88.4

line	stmt	bran	code
1			/* ripemd-160.c - an implementation of RIPEMD-160 Hash function
2			* based on the original aritcle:
3			* H. Dobbertin, A. Bosselaers, B. Preneel, RIPEMD-160: A strengthened version
4			* of RIPEMD, Lecture Notes in Computer, 1996, V.1039, pp.71-82
5			*
6			* Copyright: 2009-2012 Aleksey Kravchenko
7			*
8			* Permission is hereby granted, free of charge, to any person obtaining a
9			* copy of this software and associated documentation files (the "Software"),
10			* to deal in the Software without restriction, including without limitation
11			* the rights to use, copy, modify, merge, publish, distribute, sublicense,
12			* and/or sell copies of the Software, and to permit persons to whom the
13			* Software is furnished to do so.
14			*
15			* This program is distributed in the hope that it will be useful, but
16			* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
17			* or FITNESS FOR A PARTICULAR PURPOSE. Use this program at your own risk!
18			*/
19
20			#include
21			#include "byte_order.h"
22			#include "ripemd-160.h"
23
24			/**
25			* Initialize algorithm context before calculaing hash.
26			*
27			* @param ctx context to initialize
28			*/
29	2		void rhash_ripemd160_init(ripemd160_ctx *ctx)
30			{
31	2		ctx->length = 0;
32
33			/* initialize state */
34	2		ctx->hash[0] = 0x67452301;
35	2		ctx->hash[1] = 0xefcdab89;
36	2		ctx->hash[2] = 0x98badcfe;
37	2		ctx->hash[3] = 0x10325476;
38	2		ctx->hash[4] = 0xc3d2e1f0;
39	2		}
40
41			/* five boolean functions */
42			#define F1(x, y, z) ((x) ^ (y) ^ (z))
43			#define F2(x, y, z) ((((y) ^ (z)) & (x)) ^ (z))
44			#define F3(x, y, z) (((x) \| ~(y)) ^ (z))
45			#define F4(x, y, z) ((((x) ^ (y)) & (z)) ^ (y))
46			#define F5(x, y, z) ((x) ^ ((y) \| ~(z)))
47
48			#define RMD_FUNC(FUNC, A, B, C, D, E, X, S, K) \
49			(A) += FUNC((B), (C), (D)) + (X) + K; \
50			(A) = ROTL32((A), (S)) + (E); \
51			(C) = ROTL32((C), 10);
52
53			/* steps for the left and right half of algorithm */
54			#define L1(A, B, C, D, E, X, S) RMD_FUNC(F1, A, B, C, D, E, X, S, 0)
55			#define L2(A, B, C, D, E, X, S) RMD_FUNC(F2, A, B, C, D, E, X, S, 0x5a827999UL)
56			#define L3(A, B, C, D, E, X, S) RMD_FUNC(F3, A, B, C, D, E, X, S, 0x6ed9eba1UL)
57			#define L4(A, B, C, D, E, X, S) RMD_FUNC(F4, A, B, C, D, E, X, S, 0x8f1bbcdcUL)
58			#define L5(A, B, C, D, E, X, S) RMD_FUNC(F5, A, B, C, D, E, X, S, 0xa953fd4eUL)
59			#define R1(A, B, C, D, E, X, S) RMD_FUNC(F5, A, B, C, D, E, X, S, 0x50a28be6UL)
60			#define R2(A, B, C, D, E, X, S) RMD_FUNC(F4, A, B, C, D, E, X, S, 0x5c4dd124UL)
61			#define R3(A, B, C, D, E, X, S) RMD_FUNC(F3, A, B, C, D, E, X, S, 0x6d703ef3UL)
62			#define R4(A, B, C, D, E, X, S) RMD_FUNC(F2, A, B, C, D, E, X, S, 0x7a6d76e9UL)
63			#define R5(A, B, C, D, E, X, S) RMD_FUNC(F1, A, B, C, D, E, X, S, 0)
64
65			/**
66			* The core transformation. Process a 512-bit block.
67			*
68			* @param hash algorithm intermediate hash
69			* @param X the message block to process
70			*/
71	2		static void rhash_ripemd160_process_block(unsigned hash, const unsigned X)
72			{
73	2		register unsigned A = hash[0], B = hash[1], C = hash[2],
74	2		D = hash[3], E = hash[4];
75			unsigned a1, b1, c1, d1, e1;
76
77			/* rounds of the left half */
78	2		L1(A, B, C, D, E, X[ 0], 11);
79	2		L1(E, A, B, C, D, X[ 1], 14);
80	2		L1(D, E, A, B, C, X[ 2], 15);
81	2		L1(C, D, E, A, B, X[ 3], 12);
82	2		L1(B, C, D, E, A, X[ 4], 5);
83	2		L1(A, B, C, D, E, X[ 5], 8);
84	2		L1(E, A, B, C, D, X[ 6], 7);
85	2		L1(D, E, A, B, C, X[ 7], 9);
86	2		L1(C, D, E, A, B, X[ 8], 11);
87	2		L1(B, C, D, E, A, X[ 9], 13);
88	2		L1(A, B, C, D, E, X[10], 14);
89	2		L1(E, A, B, C, D, X[11], 15);
90	2		L1(D, E, A, B, C, X[12], 6);
91	2		L1(C, D, E, A, B, X[13], 7);
92	2		L1(B, C, D, E, A, X[14], 9);
93	2		L1(A, B, C, D, E, X[15], 8);
94
95	2		L2(E, A, B, C, D, X[ 7], 7);
96	2		L2(D, E, A, B, C, X[ 4], 6);
97	2		L2(C, D, E, A, B, X[13], 8);
98	2		L2(B, C, D, E, A, X[ 1], 13);
99	2		L2(A, B, C, D, E, X[10], 11);
100	2		L2(E, A, B, C, D, X[ 6], 9);
101	2		L2(D, E, A, B, C, X[15], 7);
102	2		L2(C, D, E, A, B, X[ 3], 15);
103	2		L2(B, C, D, E, A, X[12], 7);
104	2		L2(A, B, C, D, E, X[ 0], 12);
105	2		L2(E, A, B, C, D, X[ 9], 15);
106	2		L2(D, E, A, B, C, X[ 5], 9);
107	2		L2(C, D, E, A, B, X[ 2], 11);
108	2		L2(B, C, D, E, A, X[14], 7);
109	2		L2(A, B, C, D, E, X[11], 13);
110	2		L2(E, A, B, C, D, X[ 8], 12);
111
112	2		L3(D, E, A, B, C, X[ 3], 11);
113	2		L3(C, D, E, A, B, X[10], 13);
114	2		L3(B, C, D, E, A, X[14], 6);
115	2		L3(A, B, C, D, E, X[ 4], 7);
116	2		L3(E, A, B, C, D, X[ 9], 14);
117	2		L3(D, E, A, B, C, X[15], 9);
118	2		L3(C, D, E, A, B, X[ 8], 13);
119	2		L3(B, C, D, E, A, X[ 1], 15);
120	2		L3(A, B, C, D, E, X[ 2], 14);
121	2		L3(E, A, B, C, D, X[ 7], 8);
122	2		L3(D, E, A, B, C, X[ 0], 13);
123	2		L3(C, D, E, A, B, X[ 6], 6);
124	2		L3(B, C, D, E, A, X[13], 5);
125	2		L3(A, B, C, D, E, X[11], 12);
126	2		L3(E, A, B, C, D, X[ 5], 7);
127	2		L3(D, E, A, B, C, X[12], 5);
128
129	2		L4(C, D, E, A, B, X[ 1], 11);
130	2		L4(B, C, D, E, A, X[ 9], 12);
131	2		L4(A, B, C, D, E, X[11], 14);
132	2		L4(E, A, B, C, D, X[10], 15);
133	2		L4(D, E, A, B, C, X[ 0], 14);
134	2		L4(C, D, E, A, B, X[ 8], 15);
135	2		L4(B, C, D, E, A, X[12], 9);
136	2		L4(A, B, C, D, E, X[ 4], 8);
137	2		L4(E, A, B, C, D, X[13], 9);
138	2		L4(D, E, A, B, C, X[ 3], 14);
139	2		L4(C, D, E, A, B, X[ 7], 5);
140	2		L4(B, C, D, E, A, X[15], 6);
141	2		L4(A, B, C, D, E, X[14], 8);
142	2		L4(E, A, B, C, D, X[ 5], 6);
143	2		L4(D, E, A, B, C, X[ 6], 5);
144	2		L4(C, D, E, A, B, X[ 2], 12);
145
146	2		L5(B, C, D, E, A, X[ 4], 9);
147	2		L5(A, B, C, D, E, X[ 0], 15);
148	2		L5(E, A, B, C, D, X[ 5], 5);
149	2		L5(D, E, A, B, C, X[ 9], 11);
150	2		L5(C, D, E, A, B, X[ 7], 6);
151	2		L5(B, C, D, E, A, X[12], 8);
152	2		L5(A, B, C, D, E, X[ 2], 13);
153	2		L5(E, A, B, C, D, X[10], 12);
154	2		L5(D, E, A, B, C, X[14], 5);
155	2		L5(C, D, E, A, B, X[ 1], 12);
156	2		L5(B, C, D, E, A, X[ 3], 13);
157	2		L5(A, B, C, D, E, X[ 8], 14);
158	2		L5(E, A, B, C, D, X[11], 11);
159	2		L5(D, E, A, B, C, X[ 6], 8);
160	2		L5(C, D, E, A, B, X[15], 5);
161	2		L5(B, C, D, E, A, X[13], 6);
162
163	2		a1 = A, b1 = B, c1 = C, d1 = D, e1 = E;
164	2		A = hash[0], B = hash[1], C = hash[2],
165	2		D = hash[3], E = hash[4];
166
167			/* rounds of the right half */
168	2		R1(A, B, C, D, E, X[ 5], 8);
169	2		R1(E, A, B, C, D, X[14], 9);
170	2		R1(D, E, A, B, C, X[ 7], 9);
171	2		R1(C, D, E, A, B, X[ 0], 11);
172	2		R1(B, C, D, E, A, X[ 9], 13);
173	2		R1(A, B, C, D, E, X[ 2], 15);
174	2		R1(E, A, B, C, D, X[11], 15);
175	2		R1(D, E, A, B, C, X[ 4], 5);
176	2		R1(C, D, E, A, B, X[13], 7);
177	2		R1(B, C, D, E, A, X[ 6], 7);
178	2		R1(A, B, C, D, E, X[15], 8);
179	2		R1(E, A, B, C, D, X[ 8], 11);
180	2		R1(D, E, A, B, C, X[ 1], 14);
181	2		R1(C, D, E, A, B, X[10], 14);
182	2		R1(B, C, D, E, A, X[ 3], 12);
183	2		R1(A, B, C, D, E, X[12], 6);
184
185	2		R2(E, A, B, C, D, X[ 6], 9);
186	2		R2(D, E, A, B, C, X[11], 13);
187	2		R2(C, D, E, A, B, X[ 3], 15);
188	2		R2(B, C, D, E, A, X[ 7], 7);
189	2		R2(A, B, C, D, E, X[ 0], 12);
190	2		R2(E, A, B, C, D, X[13], 8);
191	2		R2(D, E, A, B, C, X[ 5], 9);
192	2		R2(C, D, E, A, B, X[10], 11);
193	2		R2(B, C, D, E, A, X[14], 7);
194	2		R2(A, B, C, D, E, X[15], 7);
195	2		R2(E, A, B, C, D, X[ 8], 12);
196	2		R2(D, E, A, B, C, X[12], 7);
197	2		R2(C, D, E, A, B, X[ 4], 6);
198	2		R2(B, C, D, E, A, X[ 9], 15);
199	2		R2(A, B, C, D, E, X[ 1], 13);
200	2		R2(E, A, B, C, D, X[ 2], 11);
201
202	2		R3(D, E, A, B, C, X[15], 9);
203	2		R3(C, D, E, A, B, X[ 5], 7);
204	2		R3(B, C, D, E, A, X[ 1], 15);
205	2		R3(A, B, C, D, E, X[ 3], 11);
206	2		R3(E, A, B, C, D, X[ 7], 8);
207	2		R3(D, E, A, B, C, X[14], 6);
208	2		R3(C, D, E, A, B, X[ 6], 6);
209	2		R3(B, C, D, E, A, X[ 9], 14);
210	2		R3(A, B, C, D, E, X[11], 12);
211	2		R3(E, A, B, C, D, X[ 8], 13);
212	2		R3(D, E, A, B, C, X[12], 5);
213	2		R3(C, D, E, A, B, X[ 2], 14);
214	2		R3(B, C, D, E, A, X[10], 13);
215	2		R3(A, B, C, D, E, X[ 0], 13);
216	2		R3(E, A, B, C, D, X[ 4], 7);
217	2		R3(D, E, A, B, C, X[13], 5);
218
219	2		R4(C, D, E, A, B, X[ 8], 15);
220	2		R4(B, C, D, E, A, X[ 6], 5);
221	2		R4(A, B, C, D, E, X[ 4], 8);
222	2		R4(E, A, B, C, D, X[ 1], 11);
223	2		R4(D, E, A, B, C, X[ 3], 14);
224	2		R4(C, D, E, A, B, X[11], 14);
225	2		R4(B, C, D, E, A, X[15], 6);
226	2		R4(A, B, C, D, E, X[ 0], 14);
227	2		R4(E, A, B, C, D, X[ 5], 6);
228	2		R4(D, E, A, B, C, X[12], 9);
229	2		R4(C, D, E, A, B, X[ 2], 12);
230	2		R4(B, C, D, E, A, X[13], 9);
231	2		R4(A, B, C, D, E, X[ 9], 12);
232	2		R4(E, A, B, C, D, X[ 7], 5);
233	2		R4(D, E, A, B, C, X[10], 15);
234	2		R4(C, D, E, A, B, X[14], 8);
235
236	2		R5(B, C, D, E, A, X[12] , 8);
237	2		R5(A, B, C, D, E, X[15] , 5);
238	2		R5(E, A, B, C, D, X[10] , 12);
239	2		R5(D, E, A, B, C, X[ 4] , 9);
240	2		R5(C, D, E, A, B, X[ 1] , 12);
241	2		R5(B, C, D, E, A, X[ 5] , 5);
242	2		R5(A, B, C, D, E, X[ 8] , 14);
243	2		R5(E, A, B, C, D, X[ 7] , 6);
244	2		R5(D, E, A, B, C, X[ 6] , 8);
245	2		R5(C, D, E, A, B, X[ 2] , 13);
246	2		R5(B, C, D, E, A, X[13] , 6);
247	2		R5(A, B, C, D, E, X[14] , 5);
248	2		R5(E, A, B, C, D, X[ 0] , 15);
249	2		R5(D, E, A, B, C, X[ 3] , 13);
250	2		R5(C, D, E, A, B, X[ 9] , 11);
251	2		R5(B, C, D, E, A, X[11] , 11);
252
253			/* update intermediate hash */
254	2		D += c1 + hash[1];
255	2		hash[1] = hash[2] + d1 + E;
256	2		hash[2] = hash[3] + e1 + A;
257	2		hash[3] = hash[4] + a1 + B;
258	2		hash[4] = hash[0] + b1 + C;
259	2		hash[0] = D;
260	2		}
261
262			/**
263			* Calculate message hash.
264			* Can be called repeatedly with chunks of the message to be hashed.
265			*
266			* @param ctx the algorithm context containing current hashing state
267			* @param msg message chunk
268			* @param size length of the message chunk
269			*/
270	2		void rhash_ripemd160_update(ripemd160_ctx ctx, const unsigned char msg, size_t size)
271			{
272	2		unsigned index = (unsigned)ctx->length & 63;
273	2		ctx->length += size;
274
275			/* fill partial block */
276	2	50	if (index) {
277	0		unsigned left = ripemd160_block_size - index;
278	0		le32_copy((char*)ctx->message, index, msg, (size < left ? size : left));
279	0	0	if (size < left) return;
280
281			/* process partial block */
282	0		rhash_ripemd160_process_block(ctx->hash, (unsigned*)ctx->message);
283	0		msg += left;
284	0		size -= left;
285			}
286	2	50	while (size >= ripemd160_block_size) {
287			unsigned* aligned_message_block;
288	0	0	if (IS_LITTLE_ENDIAN && IS_ALIGNED_32(msg)) {
289			/* the most common case is processing of an already aligned message
290			on little-endian CPU without copying it */
291	0		aligned_message_block = (unsigned*)msg;
292			} else {
293	0		le32_copy(ctx->message, 0, msg, ripemd160_block_size);
294	0		aligned_message_block = ctx->message;
295			}
296
297	0		rhash_ripemd160_process_block(ctx->hash, aligned_message_block);
298	0		msg += ripemd160_block_size;
299	0		size -= ripemd160_block_size;
300			}
301	2	50	if (size) {
302			/* save leftovers */
303	2		le32_copy(ctx->message, 0, msg, size);
304			}
305			}
306
307			/**
308			* Store calculated hash into the given array.
309			*
310			* @param ctx the algorithm context containing current hashing state
311			* @param result calculated hash in binary form
312			*/
313	2		void rhash_ripemd160_final(ripemd160_ctx *ctx, unsigned char result[20])
314			{
315	2		unsigned index = ((unsigned)ctx->length & 63) >> 2;
316	2		unsigned shift = ((unsigned)ctx->length & 3) * 8;
317
318			/* pad message and run for last block */
319
320			/* append the byte 0x80 to the message */
321	2		ctx->message[index] &= ~(0xFFFFFFFFu << shift);
322	2		ctx->message[index++] ^= 0x80u << shift;
323
324			/* if no room left in the message to store 64-bit message length */
325	2	50	if (index > 14) {
326			/* then fill the rest with zeros and process it */
327	0	0	while (index < 16) {
328	0		ctx->message[index++] = 0;
329			}
330	0		rhash_ripemd160_process_block(ctx->hash, ctx->message);
331	0		index = 0;
332			}
333	28	100	while (index < 14) {
334	26		ctx->message[index++] = 0;
335			}
336	2		ctx->message[14] = (unsigned)(ctx->length << 3);
337	2		ctx->message[15] = (unsigned)(ctx->length >> 29);
338	2		rhash_ripemd160_process_block(ctx->hash, ctx->message);
339
340	2		le32_copy(result, 0, &ctx->hash, 20);
341	2		}